App-based messaging is here to stay. These tools cost little or nothing, connect us with just a few taps on the phone, and appeal to the digital warrior and remote worker in all of us. At home and at work, people connect through platforms like Slack, Microsoft Teams, Google Chat, and iMessage.
Although these platforms play a vital role in our lives, the same features that make messaging apps so popular also create potential risks for companies whose employees use them to communicate work information.
the Securities and Exchange Commission and the Commodity Futures Trading Commission 11 financial firms were recently fined a total of $549 million for practices related to the use of app-based messaging, including by senior executives.
The SEC noted “widespread and long-standing failures by companies and their employees to maintain and maintain electronic communications.” The CFTC said each of the four companies it investigated “failed to prevent its employees, including those at senior levels, from communicating internally and externally using unapproved communication methods, including messages sent via text message.” Personal or WhatsApp”.
How can you ensure that your colleagues communicate effectively while meeting regulatory and legal obligations? Consider the five tips below.
Evaluation of messaging platforms
- Inventory messaging platforms used in the company and monitoring new platforms. Although the iMessage platform for iPhone is synonymous with text messaging, the technology behind these services is different from traditional text messaging based on SMS and MMS, and iMessage should be treated as an app-based platform.
- Assess the security risks associated with each platform. Do you understand where the data is stored — on the company’s servers and devices, or on employees’ personal devices?
- Check the default data retention settings, whether automatic deletion can be turned off, the length of time messages can be kept, and whether a specific retention period can be set for messages by default to ensure that unnecessary messages are not kept indefinitely during a meeting Regulatory obligations/compliance.
- Determine whether it is possible to quickly begin to hold the data in place for legal custody before the need to do so arises.
- Research the process and cost to retrieve and produce messaging data.
List of supported platforms
- Develop and track the criteria used to approve messaging platforms and whether they can be used on personal devices.
- Use the standards to create a list of platforms approved for commercial use.
- When choosing platforms, consider legal and business needs to ensure electronic data related to a business is preserved and accessible.
Use and retention policies
- Policies should specify when the use of messaging platforms is appropriate.
- Include if your company will allow employees to communicate work information via messaging platforms.
- Understand and align message maintenance policies with similar policies in the legal and IT departments. By linking to other communications and data retention policies.
- Understand whether your company is subject to regulatory protection requirements and if there are any outstanding court orders. Evaluate whether these obligations apply to application-based messaging.
- If you discover potential regulatory compliance issues, consult with an attorney for self-report evaluation and remedial measures.
- Issue legal holds instantly and send periodic reminders when a duty to safeguard is triggered.
- Conduct internal trainings on record keeping and application-based messaging policies.
- Consider establishing clear escalation protocols and procedures to impose consequences on employees and managers who fail to adhere to company policies related to these platforms.
- Advise employees to create company information on company-supported systems whenever possible.
- Ensure that external partners such as external advisors and e-discovery vendors are aware of your approach.
Application-based messaging services can increase communication and employee engagement. They are not going away anytime soon. The key to reducing risks is to ensure that people use them at work in a way that complies with regulatory and legal obligations.
This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., publisher of Bloomberg Law and Bloomberg Tax, or its owners.
Jay Williams He is Orrick’s partner in the firm’s financial and technology advisory practices.
Wendy Butler Curtis He is Orrick’s chief innovation officer.
Jeffrey McKenna He is Orrick’s Senior Electronic Discovery and Privacy Advocate.
Write to us: Author Guidelines